Detection of Early-Stage Enterprise Infection by Mining Large-Scale Log Data

Recent years have seen the rise of more sophisticated attacks including advanced persistent threats (APTs) which pose severe risks to organizations and governments by targeting confidential proprietary information. Additionally, new malware strains are appearing at a higher rate than ever before. Since many of these malware are designed to evade existing security products, traditional defenses deployed by most enterprises today, e.g., anti-virus, firewalls, intrusion detection systems, often fail at detecting infections at an early stage. We address the problem of detecting early-stage infection in an enterprise setting by proposing a new framework based on belief propagation inspired from graph theory. Belief propagation can be used either with "seeds" of compromised hosts or malicious domains (provided by the enterprise security operation center -- SOC) or without any seeds. In the latter case we develop a detector of C&C communication particularly tailored to enterprises which can detect a stealthy compromise of only a single host communicating with the C&C server. We demonstrate that our techniques perform well on detecting enterprise infections. We achieve high accuracy with low false detection and false negative rates on two months of anonymized DNS logs released by Los Alamos National Lab (LANL), which include APT infection attacks simulated by LANL domain experts. We also apply our algorithms to 38TB of real-world web proxy logs collected at the border of a large enterprise. Through careful manual investigation in collaboration with the enterprise SOC, we show that our techniques identified hundreds of malicious domains overlooked by state-of-the-art security products

Revisiting electroweak phase transition in the standard model with a real singlet scalar

We revisit the electroweak phase transition in the standard model with a real scalar, utilizing several calculation methods to investigate scheme dependences. We quantify the numerical impacts of Nambu-Goldstone resummation, required in one of the schemes, on the strength of the first-order electroweak phase transition. We also employ a gauge-independent scheme to make a comparison with the standard gauge-dependent results. It is found that the effect of the Nambu-Goldstone resummation is typically $\sim1\%$. Our analysis shows that both gauge-dependent and -independent methods give qualitatively the same result within theoretical uncertainties. In either methods, the scale uncertainties in the ratio of critical temperature and the corresponding Higgs vacuum expectation value are more than 10%, which signifies the importance of higher-order corrections.Comment: 15 pages, 2 figures; v2: some clarifications and references added, version to appear in PL

Controlled Heterogeneous Nucleation and Growth of Germanium Quantum Dots on Nanopatterned Silicon Dioxide and Silicon Nitride Substrates

Controlled heterogeneous nucleation and growth of Ge quantum dots (QDs) are demonstrated on SiO_2/Si_3N_4 substrates by means of a novel fabrication process of thermally oxidizing nanopatterned SiGe layers. The otherwise random self-assembly process for QDs is shown to be strongly influenced by the nanopatterning in determining both the location and size of the QDs. Ostwald ripening processes are observed under further annealing at the oxidation temperature. Both nanopattern oxidation and Ostwald ripening offer additional mechanisms for lithography for controlling the size and placement of the QDs

Escalation of Commiement in Software Projects: An Examination of Two Theories

Escalation of commitment is common in many software projects. It stands for the situation where managers decide to continue investing in or supporting a prior decision despite new evidence suggesting the original outcome expectation will be missed. Escalation of commitment is generally considered to be irrational. Past literature has proposed several theories to explain the behaviour. Two commonly used interpretations are self-justification and the framing effect. While both theories have been found effective in causing the escalation of commitment, their relative effect is less studied. The purpose of this study is to further investigate the primary factor that causes the escalation of commitment in software project related decisions. An experiment was designed to examine whether the escalation of commitment exists in different decision contingencies and which theories play a more important role in the escalation. One hundred and sixty two subjects participated in the experiment. The results indicate that both self-justification and problem framing have effects on commitment escalation in software projects but the effect of self-justification is stronger. Significant interaction effect is also found. A commitment is more likely to escalate if the problem is framed positively

Motor Overflow and Spasticity in Chronic Stroke Share a Common Pathophysiological Process: Analysis of Within-Limb and Between-Limb EMG-EMG Coherence

The phenomenon of exaggerated motor overflow is well documented in stroke survivors with spasticity. However, the mechanism underlying the abnormal motor overflow remains unclear. In this study, we aimed to investigate the possible mechanisms behind abnormal motor overflow and its possible relations with post-stroke spasticity. 11 stroke patients (63.6 ± 6.4 yrs; 4 women) and 11 healthy subjects (31.18 ± 6.18 yrs; 2 women) were recruited. All of them were asked to perform unilateral isometric elbow flexion at submaximal levels (10, 30, and 60% of maximum voluntary contraction). Electromyogram (EMG) was measured from the contracting biceps (iBiceps) muscle and resting contralateral biceps (cBiceps), ipsilateral flexor digitorum superficialis (iFDS), and contralateral FDS (cFDS) muscles. Motor overflow was quantified as the normalized EMG of the resting muscles. The severity of motor impairment was quantified through reflex torque (spasticity) and weakness. EMG-EMG coherence was calculated between the contracting muscle and each of the resting muscles. During elbow flexion on the impaired side, stroke subjects exhibited significant higher motor overflow to the iFDS muscle compared with healthy subjects (ipsilateral or intralimb motor overflow). Stroke subjects exhibited significantly higher motor overflow to the contralateral spastic muscles (cBiceps and cFDS) during elbow flexion on the non-impaired side (contralateral or interlimb motor overflow), compared with healthy subjects. Moreover, there was significantly high EMG-EMG coherence in the alpha band (6–12 Hz) between the contracting muscle and all other resting muscles during elbow flexion on the non-impaired side. Our results of diffuse ipsilateral and contralateral motor overflow with EMG-EMG coherence in the alpha band suggest subcortical origins of motor overflow. Furthermore, correlation between contralateral motor overflow to contralateral spastic elbow and finger flexors and their spasticity was consistently at moderate to high levels. A high correlation suggests that diffuse motor overflow to the impaired side and spasticity likely share a common pathophysiological process. Possible mechanisms are discussed